A customer may be unable to add an IPS to the SMS or to deploy a Digital Vaccine (DV). When trying to download the update, the following error is shown:
Cannot update DV when using a generated SSL key. To resolve,
install a new SSL key or set FIPS mode to crypto or disable.
If, for example, the SSL certificate on the SMS is expired or not valid, the device will not communicate with the SMS because it treats the SMS as an untrusted device. This can also be an issue when trying to add a device that is either under the control of another SMS or does not trust this certificate. There is a certificate on the SMS in the "background" that is not shown in the UI. This is normal behavior.
If the SMS can successfully control other devices, the certificate/SSL corruption is on the IPS side.
To address this issue:
- Log in to the device's CLI via SSH as a superuser.
- Make sure the device is not under SMS control by using the command below.
It should return a single line with either "Error, SMS is controlling the device" or "" as output.
# fips reload-ssl
- Generate a new key using the following command:
# fips restore-ssl